Could someone help me with this

Status
Not open for further replies.

oldschoolrock09

I have got doginapen and whataboutadog on my computer.
I looked at what I had to do from other posts.
I got the AFW and I got my logs from that.
I also got HijackThis and have my logs from that.
I will post both of them below.
If someone could please go through them and give me some advice, that would be greatly appreciated.
 
Hi oldschoolrock09,

Welcome to Techspot!

My name is Blind Dragon and I will be helping you with your Malware problem. During the course of our interactions please be sure to follow all instructions carefully, and ask questions if you are unsure of how to proceed at any point.
--------------------------------------------------------------------------------
Download the ATF cleaner program from HERE and save it to your desktop.

*Run it after the next step while still in safe mode
---------------------------------------------------------------------------------

*Copy and paste the next 2 sections into Notepad and save it to your desktop to have while in safe mode*

Run Smitfraudfix
  • Download Smitfraudfix by S!ri from HERE
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click SmitfraudFix.exe
  • Select 2 and hit Enter to delete infected files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
---------------------------------------------------------------------------------------
While still in Safe Mode
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

You can now boot into Normal Mode
--------------------------------------------------------------------------------------

Fix AWF Infection
Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

"C:\Program Files\Browser MOUSE\bak\mouse32a.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\ezSP_Px.exe"
"C:\WINDOWS\system32\bak\hphmon04.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe"
"C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\bak\hphupd04.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe"
"D:\HP Share-to-Web\bak\hpgs2wnd.exe"
"D:\HP Software Update\bak\HPWuSchd2.exe"
"D:\program files\bak\qttask.exe"
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Press 2 then Enter
  • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for bak folders.
  • It may take a few minutes to complete, so please be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please attach AWF.txt file in your next reply

------------------------------------------------------------------------------------------
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


Open Internet Explorer
Click Tools -> Internet Options.

Click the Security tab
Click on the Trusted sites icon.
Click the Sites button and remove all sites from the trusted zone by selecting them and clicking the Remove button.
Once done, click OK.

Warning! Do not click the links below in the quote box.
URLS removed after reply

Click OK, then OK again and close IE. Reboot your system.
-----------------------------------------------------------------------------------

Come back here and post the logs that I asked for above. Also, only use Internet Explorer if you absolutely have to, or if I ask you to. Here are 2 more secure browsers to choose from:
1)Firefox -> http://www.mozilla.com/en-US/firefox/
2)Opera -> http://www.opera.com/

The instructions in this thread are for the use of oldschoolrock09 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Fix AWF Infection Step 3

Copy the paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Program Files\Browser MOUSE\bak
C:\WINDOWS\system32\bak
C:\Program Files\ATI Technologies\ATI.ACE\bak
C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak
D:\HP Share-to-Web\bak
D:\HP Software Update\bak
D:\program files\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • Select Option 3 from the menu and press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the folders and will perform another scan for bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in Notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.
Before you close FindAWF, Select Option 4 from the menu and press Enter.
When it's finished the tool will return to the main menu.
Press E to close FindAWF.
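
A read-only check for the folder layout the FindAWF steps above deal with, as an added example that is not part of the original posts and is not FindAWF's own code: it lists every .exe inside a folder named bak and compares it with the same-named file in the parent folder. The pairing with a parent-folder file, the status labels and the function names are assumptions for illustration, and the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_bak_pairs(root):
    """List every .exe inside a folder named 'bak' with its parent-folder twin.

    Read-only: nothing is moved or deleted.
    """
    findings = []
    for bak_dir in sorted(p for p in Path(root).rglob("*") if p.is_dir()):
        if bak_dir.name.lower() != "bak":
            continue
        for bak_copy in sorted(bak_dir.iterdir()):
            if not bak_copy.is_file() or bak_copy.suffix.lower() != ".exe":
                continue
            twin = bak_dir.parent / bak_copy.name
            if not twin.is_file():
                status = "orphan"     # no file of that name in the parent folder
            elif digest(twin) == digest(bak_copy):
                status = "identical"  # plain backup copy
            else:
                status = "differs"    # parent file is not the one held in bak
            findings.append((bak_copy, twin, status))
    return findings

def demo():
    """Run the scan over a constructed sample tree (not the thread's logs)."""
    layout = {
        "system32/ctfmon.exe": b"replacement",
        "system32/bak/ctfmon.exe": b"original",
        "tools/util.exe": b"same",
        "tools/bak/util.exe": b"same",
        "apps/bak/lonely.exe": b"x",
        "apps/bak/readme.txt": b"ignored",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in layout.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return [(b.relative_to(tmp).as_posix(), s)
                for b, _, s in find_bak_pairs(tmp)]

if __name__ == "__main__":
    for rel, status in demo():
        print(f"{status:9} {rel}")
```

Entries reported as "differs" are the ones worth reviewing by hand before any file is restored or any bak folder is removed.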
 
You should have 1 more AWF.txt from after following kritius' instructions.

Also run a fresh System Scan and Save a Log and attach it here.

So we need for now:
1)AWF.txt
2)New Hijackthis
 